Security Updates available for Adobe Reader and Acrobat

Summary

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected.

Adobe is aware of evidence that indicates an exploit in the wild is being used in limited attacks targeting Adobe Reader users on Windows. Adobe recommends users update their product installations to the latest versions:

Users of Adobe Reader XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.

For users of Adobe Reader X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.

Users of Adobe Acrobat XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.

For users of Adobe Acrobat X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.

Affected software versions

Adobe Reader XI (11.0.07) and earlier 11.x versions for Windows

Adobe Reader X (10.1.10) and earlier 10.x versions for Windows

Adobe Acrobat XI (11.0.07) and earlier 11.x versions for Windows

Adobe Acrobat X (10.1.10) and earlier 10.x versions for Windows

Solution

Adobe recommends users update their software installations by following the instructions below:

Adobe Reader

Users on Windows can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

Details

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected.

Adobe is aware of evidence that indicates an exploit in the wild is being used in limited, isolated attacks targeting Adobe Reader users on Windows. Adobe recommends users update their product installations to the latest versions:

Users of Adobe Reader XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.

For users of Adobe Reader X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.

Users of Adobe Acrobat XI (11.0.07) and earlier for Windows should update to version 11.0.08.

For users of Adobe Acrobat X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.

These updates resolve a sandbox bypass vulnerability that could be exploited to run native code with escalated privileges on Windows (CVE-2014-0546).

Acknowledgments

Adobe would like to thank Costin Raiu and Vitaly Kamluk of Kaspersky Labs (CVE-2014-0546) for working with Adobe to help protect our customers.